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An access control processor for a 
conditional access system in which en- 
crypted information segments provided 
by a plurality of inforniadon service 
providers are enoypted for transmission 
in accordance with different conditional 
access processes respectively utilizing 
different algorithms for encrypting she 
information segments. The processor in- 
cludes a deciyptor in an infomution re- 
ceiver by decrypting encrypted informa- 
tion segmets received by dte information 
receiver by processing the received en- 
crypted infonnation segments widi a ses- 
sion key used for encrypting the infor- 
mation segments in accordance with an 
algorithm utilized in one of said condi- 
tional access processes; and a conditional 
access controller in the infonnation re- 
ceiver for selectively enabling the de- 
cryptor to decrypt received infoimadon 
segments encrypted in accordance with 
any of said d^erent condidonal acceu 



14c 



7" 



— 



itromMTicN sorvn 
(stavicc pmtm a) 
(N.aainii a> 



lirOMMTION scuvoi 

(sonria paovtBoi i) 



) ■ fcou,Tiaaoi| 




processes by pn>viding to the decryptor ciyptographic inf<Hmadon for defining the algoridiro utilized in said one of said different condi- 
tional access processes for use by the decryptor to decrypt the received infonnadon segment encrypted in accordance wift said algorithm. 
Algorithm-defining cryptogniphic infonnation is downloaded frcnn an infonnation stream received by the infonnation receiver. Transmission 
of the cryptographic infonnation for enabling die conditional acceu controller to enable the decryptor to decrypt a sctotcd infonnation 
segment may be requested by ^ conditional access controller and downloaded to die conditional access connolkr from an infonnation 
stroun received by die information receiver. A message related to an authorization stants of tiie infonnation receiver is retrieved for display 
from a plurality of different possible audiorization status messages within an irJcmnation stream received by tbe information receiver. 
Computer readable storage media are so configured as to cause die access control processor to perform itt various functions. 
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CONDITIONAL ACCESS SYiSTEM . 



CROSS-REFERENCE TO RELATED APPLICATION 

This is a cominuaiion-in-part of copending application No. 08/303,409 filed 
September 9, 1994 

5 BACKGROUND OF THE INVENTION 

The present invention pertains to systems and meihods for secureh conirollinjj 
access to information segments distnbuted to information receivers m a point-co-point or 
point-to-nuilti-point network. Such systems are known as conditional access systems. 
The information may include video, audio, text, data and any/or other type of information 
^0 that may be subject to conditiorud access. An information segment is a given block of 
information, such as a television program, a given block of text or a given block of data, 
that typically is transmitted over a relatively shon duration. 

There is a need for competitiveness and open standards for customer information 
receivers used m condiuonal access systems. However, equipment vendors are motivated 
15 to maintain proprietary standards, wherd)y condiuorud access service providers often have 
been dependent upon a single source of equipment Nevenheless, information network 
service providers, such as telephone companies, desire to maintain at least two sources for 
the equipment installed in conditional access systems included within information 
distribution networks. 

20 In the prior art, encrypted information segments respectively provided by a 

plurality of different conditional access information service providers are respectively 
encrypted for transmission in accordance with different conditional access processes, 
which may respectively utilize different algorithms for encr^'pting the information 
segments; and the differently encrypted information segments are respectively decrypted 

25 by differently configured information receivers respectively containing access control 
processors adapted for enabling decryption of only encrypted infonnatton segments 
encrypted in accordance with one of the diffmnt conditional access processes. An 
encryption algorithm is a process by which a given signal is processed with a key (signal) 
to transform the given signal into an encrypted signal that is unintelligible or by which the 

30 given signal can be recovered by corresponding processing of the encrypted signal with a 
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corresponding key. The parameters of an encryption algonihm detenmme the order of 
selection for processing of bits in the given signal, the key and intermediate signals 
produced by such processing, and the sequence of such processing 

An exemplary prior an conditional access system is described in United States 
Patent No 4.631.901 to Klein S Gilhousen. Charles F Nevvbx and Karl £ Moerder and 
United States Patent No 4,712,238 to Klein S Gilhousen. Jerrold A Heller. Michael V 
Harding and Roben D. Blakeney. In such conditional access system.' an intbrmation 
segment is encrypted for transnussion by scrambling the intbrmation segment with a 
keystream that is produced by processing a secure session key m accordance uith a 
predetermined encryption algorithm, such as the DES encryption algorithm. In an 
information receiver of such a conditional access system, the encrypted infomuuion signal 
is decrypted by descrambling the encrypted information segment vnih a keystream that is 
produced by processing the secure session key in accordance \Mth the predetermined 
encryption algorithm. The session key is a key that is processed to produce the keystream 
that IS used to scramble an information segment tor a given transrmssion of the encrypted 
information segment. Typically the session key is processed vaxh another key and/or a 
data signal to produce the keystream. In the two above-cited patents, the session key is 
referred to as a channd key. 

An object of the present invention is to enhance the scope and utilit>- of conditional 
access systems by providing a conditional access system and method that allows an 
information receiver of an information distribution network to be configured on an open 
standard basis for use with different proprietary systems of a plurality of different 
conditional access service providers over a common information distribution network, in 
which each conditional access service provider determines only the parameters of the 
cryptographic system design required to enable conditional access to the information 
provided by such conditional access service provider. 

The prior an has suggested a conditional access system that would enable 
encrypted information segments respectively encrypted for transmission in accordance 
with different conditional access processes to be descrambled through use of a standard 
information receiver having a standard interface common to all present and future 
conditional access systems and a plurality of detachable conditional access modules 
respeaiveiy provided by the different conditional access informauon service providers for 
enabling a common descrambler in the information receiver to descramble received 

2 
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information segments ^ncnpied in accordance with an\' of the different conditional access 
5 processes. In such a system the use of a common descrambler to decr>pt encrypted 
information segments provided by any of a plurality of different mformation service 
providers that respectively encrypt information segments for transmission m accordance 
with any of a plurality of different conditional access processes respectively utilizing 
different algorithms for encryptmg the information segments would nuke it necessary that 
10 each of the detachable conditional access modules respectively provided by the different 
conditional access information service providers include the. ponion of the decryptor that 
generates the common descrambling keysiream by processing the secure session key used 
for encrypting the information signal in accordance with the predetermined encryption 
algorithm respectively utilized in the conditional access process used by the respective 
15 information service provider. 

SUMMARY OF THE INVENTION 

The present invention provides an access control processor for a conditional access 
system in which encrypted information segments provided by a plurality of information 
service providers are encrypted for transmission in accordance with different conditional 

20 access processes respectively utilizing different algorithms for encrypting the information 
segments, the processor comprising a decryptor in an mformation receiver for decrypting 
encrypted information segments received by the information receiver by processing the 
received encrypted information segments with a session ke>' used for encrypting the 
information segments in accordance with an algorithm utilized in one of said conditional 

25 access processes: and a conditional access controller in the information receiver for 
seleaively enabling the decr>ptor to decrypt received information segments encrypted in 
accordance with any of said different conditional access processes by providing to the 
decryptor cryptographic information for defining the algorithm utilized in said one of said 
different conditional access processes for use by the decryptor to decrypt the received 

30 information segment encrypted in accordance with said algorithm. The cryptographic 
information for defining the encryption algorithm may define various bit selection and/or 
processing parameters of a predetermined algorithm, such as the OES algonthnu or such 
cryptographic information may define the entire predetermined algorithm. 

The access control processor of the present invention is ideally suited for use in an 
35 information receiver of an information distribution network that is configured on an open 
standard basis for use with different proprietary systems of a plurality of different 

3 
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conditional access service providers over a common inlbrmation distribution network, m 
which each conditional access service provider determines only the parameters of the 
cr>ptographic design uniquely required to enable conditional access to the information 
provided by such conditional access service provider. Only those ponions of the 

5 conditional access controller that control conditional access parameters that are not 
common to all of the service providers need be contained m a detachable conditional 
access module that would be mterfaced v^th the infonnation receiver for enabling 
decryption of encrypted information segments provided by such service provider, thereby 
reducing the cost of the detach^le conditional access modules, which are replaced from 

10 time to time in order to enhance the security of the conditional access system of the 
respective information service provider. 

The present invention also provides a conditional access system including the 
above-described access control processor in combination with encryption means for 
encrypting information segments for transmission in accordance with different conditional 
IS access processes respectively utilizing different algorithms for encryptmg the infonmation 
segments. 

In another aspect, the present invention provides an access control processor for a 
conditional access system in which an encrypted infonnation segment provided by an 
information service provider is encrypted for uanstmssion in accordance with a conditional 

20 access process utilizing an algorithm for encrypting the information segment, the 
processor comprising a decryptor in an information receiver for decrypting encrypted 
information segments received by the information receiver by processing the received 
encrypted information segments with a session key used for encrypting the information 
segments in accordance with an algorithm utilized in said conditional access process; and a 

25 conditional access controller in the infonmation receiver for enabling the decryptor to 
decrypt received information segments encrypted in accordance with said conditional 
access process by providing to the decryptor cryptographic information for defining the 
algorithm utilized in said conditional access process for use by the decryptor to decrypt 
the received infonnation segments encrypted in accordance with said algorithm, wherein 

30 the conditional access controller includes means for detecting within an information stream 
received by the information receiver cryptographic information for defining the algorithm 
used for encrvptmg information segments in accordance with said conditional access 
process, and means for downloading the deteaed cryptographic intbrmation from said 
information stream. 
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In a fiinher aspect, the present invention pro\ides an access control processor for a 
conditional access system in which an cncr>pted information se«mcnt provided by an 
tnfonnation service provider is encrvpted for transmission m accordance with a given 
conditional access process, the processor comprising a decryptor in an information 
receiver for decrypting encrypted mtbrmation segments received by the information 
receiver: and a conditional access controller in the intbrmation recaver for enabling the 
decryptor to decrypt received intbrmation segments encrypted in accordance with the 
given conditional access process; wherein the conditional access controller includes means 
for requesting transmission to the information receiver of cryptographic information for 
enabling the conditional access controller to enable the decryptor to decrypt a selected 
information segment; aiKi means for downloading cryptographic informatioa transmitted 
to the receiver in response to said request. 

The present invention further provides a conditional access sv^stem including the 
inunediately-above-describcd access control processor in combination with encryption 
means for encrypting an information segment for transmission m accordance with a given 
conditional access process, and means for responding to the request for transmission of 
cryptographic information by providing the requested cryptographic information for 
transmission to the information receiver. 

In still another aspect, the present invention provides an access comro! processor 
for providing for display of a message related to an authorization status of an information 
receiver m a conditional access system for receiving an information segment, the processor 
comprising means for processing an authorization signal related to the information 
segment to determine which of a plurality of different possible authorization stamses is 
applicable to the intbrmation segment: means for retrieving trom a pluralitv of different 
possible authorization sutus messages within an information stream received by the 
information receiver a message applicable to the status determined by said processmg; and 
means for providing the retrieved message for display. 

In still an addttiotui aspect, the present invention provides an access contfo! 
processor for selecting an applicable authorization status of an information receiver for 
receiving an information segment when the information segment is provided separately by 
each of a pluralitv- of different service providers in a conditional access system, the 
processor comprising means for processing a plurality of authorization signals respeaivdy 

5 
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related to the intbrmacion segment provided separately by the plurahty of dift'erent service 
providers; means for determininj; which of a plurality of diflferent possible authorization 
statuses is applicable for the received information segment for each of the respective 
authorization signals related to the diflferent service providers: and means for seleaing 
5 one of the detemuned statuses in accordance with a predetermined priority. 

The present invention also provides computer readable storage media for use in an 
access control processor, which storage media are respectively so configured as to cause 
the access control processors to pertbrm various tlinctions of the abovenlescribed access 
control processors of the present invention. 

10 The present invention lurther provides the methods that are carried out by the 

above-descnbed access control processors and conditional access systems. 

Additional features of the present invention are described with reference to the 
detailed description of the preferred embodiments. 

BRIEF DESCRIPTION OF THE DRAWING 

15 FIG. 1 is a block diagram of a preferred embodiment of a conditional access 

system according to the present invention. 

FIG. 2 is a block diagram of an information server in the system of FIG. I. 

FIG. 3 is a block diagram of an alternative preferred embodiment of the 
information receiver in the system of FIG. 1 

20 FIG. 4 is block diagram of one preferred embodiment of the conditional access 

controller in the systems of FIGS. I and 3. 

FIG. S is a block diagram of another preferred embodiment of the conditional 
access controller in the systems of FIGS. 1 and 3. 
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DETAILED DESCRIPTION 

Refemng to FIG I. a preferred embodiment of a conditionai access system 
according to the present invention includes a plurality of information servers IOa« I Ob and 
one preferred embodiment of an information receiver 12 The information servers lOa. 
10b may be separately located or they may be mciuded in a distribution hub that receives 
inibnmation segments 14a. 14b transmitted trom different sources and encrvpts the 
intormaiion segments tor tunher transmission The information receiver 12 nw> be an 
end-user intbrmation receiver or included m a distnbution hub that receives infonmauon 
segments 14a, 14b transmitted from different sources and encrypts the information 
segments for funher transmission. 

A first information server iOa encrypts dear inlbrmation segments 14a provided by 
a first information service provider A for transmission in accordance with a first 
conditional access processes utilizing a first algorithm A for enervating inlbrmation 
segments 14a; and a second information server 10b encrypts clear mtbrmation segments 
14b provided by a second inlbrmation service provider B for transmission in accordance 
with a second conditional access processes utilizing a second algonthm B for encr>pting 
the information segments 14b The first conditional access process is different from the 
second conditional access process and the first algorithm A is different from the second 
algorithm B. As indicated by the dashed line IS. the clear information segments 14a may 
be the same as the clear information segments 14b; but usually the clear information 
segments 1 4a are different from the clear information segments 14b 

Referring to FIG. 2, a preferred embodiment of the information server 10a includes 
an encryptor 18. an entitlement message generator 20« a signal encoder 22 and an 
aut horization processor 28 . 

The encryptor 18 encrypts the clear information segments 14a by processing the 
information segments 14a with a session key K in accordance with the first algorithm A 
utilized in the first conditional access process to provide encrypted information segments 
23. The session key K is included in cryptograpbic information 24 that is processed by the 
emitlemem message generator 20 with entitiemeot information 25 to provide entitlement 
messages 26 The encoder 22 combines the encrypted informauon segments 23 and 
entitlement messages 26 to provide a combined signal 27 for transmission. Examples of 
emitlemem intbrmation are described in the aforementioned U.S. Patent No 4,712.238 as 

7 
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the program mask, the program cosi. the credit signal and the authorization uord. 
Examples of cr>piographic inlbrmaiion as descnbed in said patent, include the channel key 
(session keyj, the category key and the subscriber key generation number Examples of 
entitlement messages, as described in said patent include the channel rekey message and 
the category rekey message. Transmission of the combined signal 27 may be 
accomplished by communication satellite, microwave, cable, telephone and/or land lines. 

The operation of the authorization processor 28 and the entitienient message 
generator 20 in response to a request for cryptographic information signal 29 is described 
below with reference to an alternative embodiment feature of the conditional access 
controller shown in FIG. 4. 

Referring again to FIG. 1, one preferred embodiment of an information receiver 12 
for use in a conditional access system according to the present invention includes an 
access control processor 30 including a decr>ptor 31 and a condiuonal access controller 
32. a demultiplexer 33. a user interlace processor 34. an inlornution processor 35 and an 
information output device 36. such as a television set. having a video monitor 37 and/or an 
audio speaker (not shown). Alternatively, or additionally, the information output device 
36 may include such other components as a personal computer, a pnnter, and or a video 
casscne recorder The decryptor 31. or a portion, thereof may be embodied ui a 
replaceable security element, such as a sman card (not shown). 

The demultiplexer 33 demultiplexes a received combined signal 38 containing 
encrypted information segmenu and entitlement messages and provides the received 
encrypted mtbrmation segments 23 to the decryptor 31 and the received entitlement 
messages 26 to the conditional access controller 32. 

The user mterface processor 34 responds to inputs (not shov^) initiated by a user 
of the information receiver 12 by providing either an service request signal 40 or an 
authorization request signal 4 1 to the conditional access controller 32. 

The conditional access controller 32 processes the entitlement messages 26 to 
determine whether the decryptor 3 1 in the information receiver 12 is authorized to decrypt 
encrypted information segments 23 identified by the service request signal 40. Upon 
determining that the decryptor 3 1 and thereby the information receiver 12 is so authorized^ 
the conditional access controller 32 provides appropriate cryptographic information 42 to 
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the decryptor 31 to thereby enable the decr\ptor 31 \o decnpt the received encr>pted 
information segments 23 The cr>'ptOtfraphtc intbrmanon 4: includes the session key K 
and crv'ptographic data for defining the aigonthm A or B utilized in the conditional access 
process used to produce the encrypted informatjon seipnents 23 identified by the service 
request signal 40. 

The decryptor 3 1 then decrypts the received encrypted infonmation segments 23 by 
processing the received encrypied information segments 23 with the session key K used 
for encrypting the information segments in accordance uith the algorithm A or B utilized 
in the conditional access process used to produce the encrypted informauon segmems 23, 
to thereby reproduce the clear infonmation segments 14, which are provided to the 
information processor 35 

Upon detenmiiung the authorization status of the information receiver 12. the 
conditional access controller 32 causes a status message 43 applicable to the determined 
authorization sutus to be provided to the information processor 35 for display by the 
video monitor 37 of the information output device 36. 

The information processor 35 processes the clear information segments 14 to 
cause the output device 36 to provide an output to the user of the information receiver 12. 
When the dear information segmenu 14 represent a television signal the output device 36 
causes a picture to be provided on a video monitor 37 and also provides an audio output 
signal to the speaker in the information output device 36. When the clear information 
segmems 14 represent text and/or data, the information processor 35 causes the text 
and/or dau to be displayed on the video monitor 37 and may also cause such text and/or 
data to be printed out by a printer (not shown) coupled to the information processor 35. 
Such clear information 14 representing text and/or data may be stored initiaUy in a 
memory (not shown) for later processing by the information processor 3S. 

The information processor 35 processes the status message 43 to cause the output 
device 36 to display the message 45 to the user of the information receiver 12 on the video 
monitor 37. The informadon processor 35 may process the status message 43 together 
with the clear information s^ments 14 in such a manner as to cause the displayed message 
45 to be superimposed ova* a picture provided on the video momtor in response to 
processing of the clear information segments 14. Alternatively, the information processor 
35 may give priority to processing of the status message 43 and supersede any display of 

9 
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a piaure in response to processing of the dear intoriTiation segments 14 by causing only 
the displayed message 45 to be displayed on the video monitor 37 for a short duration 

Rcfemng to FIG. 3. an alternative embodiment of an information receiver 49 for 
use in the conditional access system of the present invention includes an access control 
processor 50 including a decr>ptor 51 and a conditional access comroller 52. a 
demuhiplexer 53. a user interface processor 54. an infonnation processor 55 and an 
information output device 56. such as a television set. having a video monitor 57 andor an 
audio speaker (not shown) The decr^ptor 5 1, or a ponion thereof, may be embodied in a 
replaceable secunty element, such as a sman card i not shown) 

The decjyptor 51 receives a combined signal 58 containing encrypted information 
segments and entitlement messages. 

The demuhiplexer 53 is coupled to the decrvptor 51 and demultiplexes the 
combined signal 59 from the decryptor 51 contaimng information segments and 
entitlement messages and provides the received information segments 14 to the 
infonnation processor 55 and the received entitlement messages 60 to the conditional 
access controller 52. 

UntU the decryptor 51 is enabled for decryption, the combined signal 59 provided 
from the deciyptor 51 to the demultiplexer 53 includes encrypted infomtaiion segments. 

The user interface processor 54 responds to inputs (not shown) initiated by a user 
of the information receiver 49 by providing either an xr.ice request signal 62 or an 
authorization request signal 63 to the conditional access controUer 52. 

The conditional access controller 52 processes the entitlement messages 60 to 
deiermme whether the deciyptor 5 1 in the information receiver 49 is authorized to decrypt 
encrypted infonnation segments identified by the service request signal 62. Upon 
determining that the decryptor 5 1 and thereby the infonnation receiver 49 is so authorized, 
the conditional access controller 52 provides appropriate cryptographic infonnation 64 to 
the deayptor 51 to thereby enable the decryptor 51 to decrypt the received encrypted 
infonnation segments inchided in the received combined signal 58. The cryptographic 
infonnation 64 includes the session key K and cryptographic dau for defining the 
algorithm A or B utilized in the conditional access process used to produce the encrypted 
infonnation segments identified by the seiMce request signal 62 Since the combined 
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signals 27a provided by ihe information server 10a of information ser\icc provider A may 
incorporate the encrypted information segments into the combined signal 27a in a different 
fornut than the format used for such purpose by the inibrmatton server I Ob of information 
service provider B, the cryptographic intbrmaiion 64 provided to the decryptor 51 by the 
condhional access controller 52 iiinher includes format data that enables the decryptor 51 
to decrypt only the encrypted information segments included in the combined signal 58. 

After the decry-ptor 5 1 has been enabled for decryption, the combined signal 59 
provided from the decryptor 51 to the demultiplexer 53 includes clear information 
segments rather than encrypted information segments. 

The decryptor 51 decrypts the received encrypted information segments in the 
combined signal 58 by processing the received encrypted information segments with the 
session key K used for encr>pting the information segments m accordance with the 
algorithm A or B utilized in the conditional access process used to produce the encrvpted 
information segments, to thereby reproduce the dear uiformation segments 14. which are 
provided by the multiplexer S3 to the information processor 55. 

Upon determining the authorization status of the information receiver 49, the 
conditional access controller 52 causes a status message 66 applicable to the determined 
authorization status to be provided to the information processor 55 for display by the 
video monitor 57 of the information output device 56. 

The information processor 55 processes the clear information segments 14 and the 
status message 66 to cause the output device 56 to provide an output to the user of the 
information receiver 49 in the same manner as described above with reference to the 
intbrmation processor 35 and the output display device 36 of the information receiver 12 
shown in FIG. 1 . 

Referring to FIG. 4, the conditional access controller 3Z 52 of either the 
information receiver 12 shown in FIG. 1 or the information receiver 49 shown in FIG. 3 
includes a control processor 70, an autboriration processor 7K a cryptographic 
information generator 72, a memory 74 preferably including one or more smart cards 75, 
and a message display driver 76. The cryptographic information generator 72, or a 
portion thereof, may be embodied in a replaceable security element, such as a smart card 
(not shown). In one embodiment, a ponion of the memory 74. a ponion of the 
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copiographjc information generator 72 and a ponion of the decryptor 3 1 arc embodied in 
a common replaceable secunry element, such as a smart card inoc shown). In describmg 
the conditional access controller shown in FIG, 4, only the reference numerals shown in 
FIG. 1 arc used to refer to the various signals and components that arc shown m both 
FIGS. I and 3, although the corresponding reference numerals shown in FIG 3 for such 
signals and components also arc applicable. 

The control processor 70 processes the entitlement messages 26 to provide 
authorization messages 79 to the authorization processor 71 and cr>ptographic messages 
80 to the cryptographic information generator 72. 

The authorization processor 71 responds to an service request signal 40 by 
processing the authorization messages 79 with authorization data 82 stored in the memory 
74 to determine whether the decryptor 31 in the information receiver is authorized to 
decrypt encrypted information segments identified by the service request signal 40. Upon 
deiermining that the decryptor 3 1 and thereby the information receiver is so authorized, 
the authorization processor 71 provides an appropnatc status signal 84 to the 
cryptographic information generator 72. An example of an authorization processor is 
described in the aforementioned U.S. Patent No. 4,712,238 with reference to FIG. I. In 
the conditional access controller of RG 4, the status signal 84 includes both an enable 
signal and data identifying cither conditional access process A or conditional access 
process B as the conditional access process used for encrypting the information segment 
identified in the service request signal 40. 

The cryptographic information generator 72 responds to the status signal 84 by 
processing the cryptographic messages 80 together with cryptographic dau 86 retrieved 
from the memory 74 to therdw provide to the decryptor 3 1 the cryptographic information 
42 that enables the decryptor 31 to decrypt the received encrypted information segments 
23 identified by the service request signal 40. As indicated above, the cryptographic 
information 42 includes the session key K and cryptographic information for defining the 
algorithm A or B utilized in the conditional access process used to produce the encrypted 
information s^tnents identified by the service request signal 40 

The data for defining algorithm A or B included in the cryptographic information 
42 IS retneved from the memory 74 as pan of the cryptographic data 86 utilized m 
accordance with the conditional access process A or B identitied in the status signal 84 as 
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the condiiionaJ access process used for encr\-pting the information segment identified in 
the scmce request signal 40 In one embodiment, the memoPr- 74 stores the cr^ ptographjc 
intbrmaiion for defining the different algonihms A and B respectively used in the different 
conditional access processes. In another embodiment the cr>ptographjc mtbrmation for 
delJning each algorithm A, B is stored in a separate replaceable secunt\- element, such as 
the smart card 75 and is provided therefrom to the cr>ptographic int'ormation generator 
72 The memory 74 may include a pluralii\ of such smart cards 75 respcaivcly provided 
by the different conditional access intbrmation service providers and respectively storing 
the cr>ptographic information for defining the different algorithms A, B utilized for 
decryptmg the received encrypted information segments 23 m accordance with the 
different conditional access processes A and B. 

When the service request signal 40 identifies a selected information segment that is 
provided by each of a plurality of different service providers, the authorization processor 
71 processes authorization signals in the authorization messages 79 related to the selected 
information segment provided by each of the plurality of the different service providers to 
determine which of a plurality of different possible authorization statuses is applicable to 
the selected intbrmation segment provided by each of the service providers; and selects for 
decryption in accordance with a predetermined priority based upon such sutus 
deienmnaiions the encrypted information segment provided by one of the service 
providers. Examples of different statuses tnclude, in order or priority: "blacked-out", 
"locked-out". "aulhorized^ "available for pay-for-view" and "not presently authorized". 
The conditional access process A or B used by the service provider for encrypting the 
information segment seleaed in accordance with such predetermined priority is identified 
in the sutus signal M provided to the cryptographic information generator 72 so as to 
cause the cryptographic generator 72 to indude in the cryptographic information 42 the 
cr>ptographic information for defining the algorithm used for encrypting the selected 
information segment provided by such service provider. Such predetenmned priority may 
be changed fi-oro time to time by downloading new priority data fi^om the informatioD 
stream received by the information receiver 12. 49 or fi*om a new sman card insened into 
the memory 74. 

The status determined by the authortzttim processor 71 is indicated by a sutus 
signal 88 provided by the authorization processor 71 to the message display driver 76, 
which in turn retrieves a status message 43 corresponding to the indicated status fi-om the 
memory 74 and provides the status message 45 to the information processor 35. The user 
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of the information receiver is intbrmed of the determined status by the status message 
display 45 on the video monitor 37 The status signals 84. 88 and the display 45 of the 
status are pro\ided in response to each senice request signal 40 notwithstanding whether 
the selected information segment is provided by one or more different service providers 

5 When the status is "not presently authonzed". the user may operate the user 

interface processor 34 to provide an authorization request signal 41 to the authorization 
processor 7 1 The authorization processor 71 responds to the authorization request signal 
41 by generating a request tor cryptographic inlbrmation signal 29 that is transnutted to 
the inibrmation server tOa. 10b of the service provider that provides the selected 

10 information segment identified in the service request signal 40 The request for 
cryptographic information signal 29 is a request for transmission to the information 
receiver of cryptographic inibrmation for enabling the conditional access controller 32 to 
enable the decryptor 31 to decrypt the selected information segment identified in the 
service request signal 40 

15 The authorization processor 28 in the information server 10a receives and 

processes the request for cryptographic information signal 29 to determine whether or not 
the information receiver from which the request signal 29 originated should be authorized 
to decrypt the selected information segment. Upon* determining that such information 
receiver should be so authorized, the authorization processor 28 causes the requested 

20 cryptogr^hic information 90 to be included in entitlement messages 26 provided by the 
entitlement message generator 20 that are addressed to the infonnation receiver from 
which the request signal 29 originated* together with authorizauon messages 79 that will 
cause the authorization processor 71 in the information receiver to determine that the 
decryptor 3 1 in the information receiver is authorized to decrypt the selected encrypted 

25 information segment. If the cryptographic information generator 72 is of the type 
described in the aforementioned U.S. Patent No. 4,712,238, at least some of the key 
seed(s) stored in the memory 74 of the information receiver would have to be known to 
the information service provider providing such authorization. 

in the conditional access controiler 32 of the information receiver, the contioi 
30 processor 70 downloads cryptographic information transmitted to the information receiver 
in response to the request for cryptographic information signal 29 by detecting the 
transnutted cryptographic informauon within an information stream of enmlemem 
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messages 26 received by the intbrmauon receiver and by dovynloading the deteaed 
cr>ptographic information from such information stream 

The transmitted cryptographic information downloaded by the control processor 
70 includes cryptographic data 92 for defming the algorithm that is used in the conditional 

5 access process utilized by the information server 10a, 10b that encrypts the selected 
encrypted information segment and cryptographic data for use in generating a session ke)' 
for use by the decryptor 32 for decrypting information segments encrypted in accordar.ee 
with the given conditional access process, including data for defining an algorithm for 
generating the session key and cryptographic information of the type that typically is 

10 provided to information receivers in the rekey messages. The transmitted cr>ptographtc 
information may be encrypted for transmission in order to enhance security, in which case 
the control processor 70 includes a decryptor (not shown) for decrypting the transmitted 
cr)ptographic information. Also data for defining a new encryption algorithm as well as 
other cryptographic information may be transmitted at the instigation of the conditional 

15 access information service provider rather than in response to a request signal 29 
whenever it is desired to change the encryption algorithm or such other cryptographic 
information. 

The downloaded algorithm-defirung data 92 is stored m the memory 74 for 
retrieval by the cryptographic information generator 72 when the authorization processor 

20 provides a status signal 84 identifying the conditional access process that utilizes the 
downloaded algorithm-defining data 92. The remainder of the downloaded cry ptographic 
information is included in the cryptographic messages 80 provided by the control 
processor 70 to the cryptographic information generator 72 and processed by the 
cryptographic information generator 72 to generate the session key K included in the 

25 cryptographic information 42 provided to the decryptor 3 1 . 

Alternatively, the cryptographic information, including the algorithm-defining dau 
required for decrypting encrypted information signals encrypted in accordance with a 
conditional access process of a given information server can be downloaded into the 
memory 74 from a smart card 7S sent to the user of the information receiver. This 
30 technique of downloading the required algorithm-defining data can be used whenever the 
algorithm utilized by a given information server 10a, 10b is changed or when a user of an 
information receiver newly becomes a subscriber to information services provided by the 

15 



wo 96/08912 



PCTAJS95/1©571 



inlormation ser\*tce provider that operates the irubrmatton server that utilizes the 
alyorithm defined by such downloaded algorithm-defining data 

Referring to FIG. 5, an alternative preferred embodiment of the conditional access 
controller 32, 52 is provided for a conditional access system in which the combined signal 

5 27a 27b, transmitted to the information receiver 12, 49 includes all of the possible status 
messages 94 tn addition to the entitlement messages 26 and the encrypted information 
segments 23. In this embodiment, the conditional access controller 32, '52 includes a 
control processor 95, an authorization processor 96, a cryptographic information 
generator 97, a memory 98 preferably including one or more smart cards 99, and a 

10 messagedisplay driver 100 

The conu^ol processor 95 processes the entitlement noessages 26 to provide 
authorization messages 102 to the authorization proccissor 95 and cryptographic messages 
103 to the cryptographic information generator 97. 

The authorization processor 96 responds to an service request signal 40 identifying 
15 a selected information segment by processing an authorization signal vwnthin the 
authorization messages 102 that is related to the selected information segmem with 
auihonzation data 105 stored in the memor\' 98 to determine whether or not the decryptor 
3 1 is enabled to decrypt the seleaed information segment aiKi to determine which of a 
plurality of different possible authorization stamses is applicable to the selected 
20 information segment. Upon determining the authorization status of the information 
receiver, the authorization processor 96 provides a first status signal 106 to the 
cryptographic information generator 97 and a second status signal 107 to the control 
processor 95. 

The control processor 95 responds to the sutus signal 107 by retrieving from a 
25 plurality of different possible authorization status messages 94 within an information 
stream received by the information receiver a message 108 applicable to the status 
determined by the authorization processor 96, as indicated by the status signal 107. The 
conuol processor 95 retrieves the applicable status message from the information steam by 
detecting the applicable status message 108 within the different possible authorization 
30 status messages 94 and by do\^*nloading the detected applicable status message 108 from 
said information stream. The control processor 95 provides the downloaded retrieved 
status message 108 to the message display driver 100. which in turn provides the 
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do\^TiIoaded status message 110 to the tnl'ormation processor 35 for displa> by the 
information output device 36 

The cr>ptographic information generator 97 responds to the status signal 106 by 
processing the cr>ptographic messages 103 together uith cryptographic data 1 12 retrieved 
from the memorv 98 to thereby provide to the decryptor 3 1 the crvptographic infonnation 
42 that enables the decr>ptor 3 1 to decnpt the received encr>pted tntbrmation segments 
23 identiAed by the senice request signal 40 

Except for the downloading and provision of the status message 108 that is to be 
displayed, the functions of the conq>onent5 of the conditional access controller of FIG S 
are the same as the functions of the like components in the conditional access controller of 
FIG. 4, including the downloading of the cryptographic information from the infonnation 
stream. 

The memory 74, 98 includes computer readable storage media (or medium) that 
are configured so as the cause the access control processor 30. 50 to perform its various 
functions described above. 

The information segments 14a, 14b that are encrypted may include an MPEG-2 
video signal. MPEG*2 is an ISO (International Standards Organization) standard 
provided by Moving Picture Expert Group Number 2 for television compression and 
decompression equipment. The information processor 3S, 55 may be a NfPEG 
decompressor. 

The present invention affords availability to a set-top. such as a digital 
entertainment terminal of a network inter&ce module that can through a conditional 
access/encryption algorithm-defining data downloading process from the infonnatioa 
distribution network gateway equipment, accommodate and run the decryption algorithms 
of the conditional access system service provider selected by the information provider. 
Hence each conditional access service provider can customize its own conditional access 
algorithms, inchiding the information segmeat encryption algorithm. According^ the 
required imegrated circuit sets in a presem day proprietary network tnteiftce module are 
replaced by the access control processor of the present invention. A network tmerftce 
module including the access control processor of the present invention does not depend 
upon a fixed access control process or a fixed security algorithm architecture for the 
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secuniy provided to the information provider, such as a programmer, but instead provides 
a flexible cr>pto-sysiem architecture that through its use of tlexible aluonthm information 
stream encryption equipment, flexible message protocol standard, andor a high-security 
yet low-cost sman card, responds economically to any security breach, since algonthms 
are easUy changed to offset gains pirates may have made by breaking the code of a 
panicular encryption algorithm. 

The present invention also provides mobility to a subscriber o\s ning an information 
receiver in that the subscriber's entitlements can be carried from set-top to set-top through 
the simple issuance of a new sman card, one that is matched to the infonnation provider in 
the information provider's new service area. 

The use of a sman card, in addition to the provision of mobilit> and an enhanced 
level of flexibility to the mariceting of services, special programming, ease of maintenance, 
ease of update, etc. also provides an enhanced level of secunt>- through the timed elements 
of validity and the personalization of the cards upon a subscriber subscnbing for the 
services. 

The presem invention also will allow the service providers to have maximum 
fle.xibiUty for purchase of mulii-vettdor equipment and. multi-vendor encryption systems 
with lower prices derived from open competition. 

The advantages specifically stated herein do not necessarily apply to every 
conceivable embodimem of the presem invention. Further, such stated advantages of the 
presem invenuon are only examples and should not be construed as the only advanuges of 
the presem invention. While the above description contains man>- specificities, these 
should not be constmed as limitations on the scope of the present invention, but rather as 
examples of the preferred embodiments descnbed herein. Other vanations are possible 
and the scope of the present invention should be determined not by the embodiments 
described herein but rather by the claims and their legal equivalents. 
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CLAIMS 

1. An access control processor for a conditional access system in which encrypted 
2 information segments provided by a pluralii\- of inlbrmaiion service providers are 

encrypted for transmission in accordance wih different conditional access processes 
4 respectively utilizing different algorithms for encrypting the information segments, the 
processor comprising 

6 a decryptor in an infomiation receiver for decrvpiing encrypted information 

segments received by the information receiver by processmg the recaved encrypted 

8 information segments with a session key used for encrypting the information segments in 
accordance with an algorithm utilized in one of said conditional access processes; and 

10 a conditional access controller in the information receiver for seleaively enabling 

the decryptor to decrypt received information segments encrypted in accordance with any 

12 of said different conditional access processes by providing to the decryptor cryptographic 
information for defining the algorithm utilized m said one of said ditt'erent conditional 

14 access processes for use by the decryptor to decrypt the received intbrmaion segment 
encrypted in accordance with said algorithm. 

2. A processor according to Claim K wherein the conditional access controller 
2 includes 

means for deteaing within an information stream received by the information 
4 receiver cryptographic information for defining the algorithm used for encrypting 
intbrmation segments in' accordance with said one of said different conditional access 
6 processes; and 

means for downloading the detected cryptographic information from said 
e infonnation stream. 

3. A processor according to Claim K wherein the conditional access controller 
2 includes a replaceable secunty element, such as a smart card, for providing cr>ptographic 

information for defining the algorithm. 
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4 A processor according to Claim I. wherein the conditional access controller 
includes a memory* in the tnlbrmaiion receiver stonng cR-piographic information for 
defining said different algonihms respectively utilized in said different conditional access 
processes. 

5 A processor according lo Claim 1, wherein the conditional access controller 
selectively provides the cryptographic inlbrmation for defining the algorithm utilized in 
said one conditional access process to the decryptor in accordance uith a signal 
identifying said one conditional access process as the conditional access process used for 
encrypting the received infonnation segmenu. 

6. A processor according to Claim 1, wherein the conditional access controller 
compnses 

means for processing an authoruation signal related to a selected infonnation 
segment provided by each of a plurality of said service providers to determine which of a 
plurality of difFerent possible authorization statuses is applicable to the selected 
information segment provided by each of the service providers: and 

n>eans for seleaing for decryption in accordance with a predetermined priority 
based upon said status determinations the encrypted information segment provided by one 
of said service providers. 

7. A processor according to Claim 6, wherein the cryptographic information for 
defining the algorithm provided by the conditional access controller to the deoyptor is 
provided in accordance with said sdeaion of the selected encrypted infonnation segment 
provided by said one service provider. 

8. A processor according to Claim I in combination with a demuhiplexer in the 
infonnation receiver, wherein the denuiltiplexer is adapted for demultiplexing a received 
combined signal containing encrypted information segments and entitlement m^sages: 
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wherein the decr>pior is coupled to the, demultiplexer for receiving the 
demultiplexed encr>pted inlbrmaiion seumenis for said decrvpiion, and 

wherein the conditional access controller is coupled to the demultiplexer for 
receiving the demultiplexed entitlement messages for processing in order to so enable the 
decrvpior 

9 A processor according to Claim 1 in combination with a demultiplexer in the 
information receiver, wherein the decrvpior is adapted for decr>pting encr>picd 
mtbrmaiion segments in a received combined signal containing encrypted information 
segments and entitlement messages. 

wherein the demultiplexer is coupled to the decrypt or for demultiplexing the 
combined signal following said decryption of the encrypted information segments by the 
decryptor: and 

wherein the conditional access controller is coupled to the demultiplexer for 
receiving the demultiplexed entitlement messages for processing in order to so enable the 
decryptor. 

10. An access control processor for a conditional access system in which an 
encrypted information segment provided by an information service provider is encrypted 
for transmission in accordance with a conditional access process utilizing an algorithm for 
encrypting the information segment, the processor comprising 

a decryptor in an information receiver for decrypting encrypted infonnatioD 
segments received by the information receiver by processing the recetved encrypted 
information segments with a session key used for encrypting the information segments io 
accordance with the algorithm utilized in said conditional access process; and 

a conditional access controDer in the information receiver for enabling the 
decryptor to decrypt received information segments encrypted in accordance with said 
conditional access process by providing to the decrjptor cryptographic information for 
defining the algorithm utilized in said conditional access process for use by the decryptor 
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to decnpt the received information segments encrypted in accordance uith said algorithm. 
14 wherein the conditional access controller includes 

means for detectmg within an information stream received by the 
16 information receiver cr^-ptographic information for defining the algorithm used for 

encrypting information segments m accordance v^ith said conditional access 
18 process, and 

means for downloading the detected cr\'ptographic information from said 
20 infonmation stream. 



1 1 An access control processor for a conditional access system in which an 
2 encrypted information segment provided by an information service provider is encr>pted 
for transmission in accordance with a given conditional access process, the processor 
4 comprising 

a decryptor in an information receiver for decrypting encrypted information 
6 segments received by the information receiver: and , 

a conditional access controller in the infomiation receiver for enabling the 
8 decryptor to decrypt received information segments encrypted in accordance with the 
given conditional access process; 

10 wherein the conditional access controller includes 

means for requesting transmission to the infonnation receiver of 
12 cryptographic infonnation for enabling the conditional access comroUer to enable 

the decryptor to decrypt a selected infonnation segment; and 

14 means for downloading cryptogirapfaic information transmitted to the 

receiver in response to said request. 
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12 A processor according to Claim II. wherein the transmitted crvptouraphic 
2 information includes cnLptographic data tor defining an algonthm used by the decr>*ptor 

for decr>pting inlbrmation segments encrypted in accordance with the given conditional 
4 access process. 

13 A processor according to Claim 12, wherein the downloading means includes 
2 means for detecting the transmitted cr\'ptographjc data for defining the algorithm within an 

information stream received by the information receiver and means for dowiiloading the 
4 deteaed cryptographic information from said information stream. 

14 A processor according to Claim 11. wherein the requested cryptographic 
2 information includes data for use in generating a session key for use by the decryptor for 

decrypting information segments encrvpted in accordance v^ith the given conditional 
4 access process; and 

the conditional access controller includes means for processing the do\^*nloaded 
6 session key generation data to generate said session key 

15 A processor according to Claim 14. wherein the downloading means includes 
2 means for detecting the transmitted session key generation data withm an information 

stream received by the inlbrmation receiver and means for downloading the detected 
4 session key generation dau from said information stream. 

16. A processor according to Claim 1 1, wherein the conditional access comroUer 
2 includes 

means for processing an authorization signal related to the selected infonnatioa 
4 segment to detennine whether or not the decryptor is enabled to decrypt the selected 
infonnatioa segment and to deterrnine which of a plurality of different possible 
6 authorization statuses is applicable to the selected information segment; 
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means for rctnevinjj from a plurality of different possible authonzaiion status 
messages within an inlbrmation stream received by the mtbrmation receiver a messaije 
applicable to the status determined by said processing; and 

means for providing the rctneved message for display 

!7. An access control processor for providing for display of a message rcjated to 
an authorization status of an intbrmaiion receiver in a conditional access system for 
receiving an information segment, the processor comprising 

means for processing an authorization signal related to the information segment to 
determine which of a plurality of different possible authorization statuses is appbcable to 
the information segment. 

means for retneving from a plurality of different possible authorization status 
messages within an infonmaiton stream received by the information receiver a message 
applicable to the status determined by said processmg; and 

means for providing the retrieved message for display 

18. A processor according to Claim 17. wherein the information segment is 
provided separately by each of a plurality of different service providers; 

wherein the processing means indude 

meaos for processing a plurality of authorization signals re^wdvely 
related to the information segment provided separately by the plurality of difltertm 
service providers; 

means determining whicfa of a phindity of dififeroit possible autbmatira 
statuses is ^jplicable for the received infonnation segment for each of the 
respective authorization signals related to the different service providers: and 
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means for selecting one of the determined statuses in accordance with a 
predetermined priority, and 

wherein the retrieving means includes means for retrieving the message applicable 
to the status selected by the relecting means 

19 An access control processor for providing for displax of la message related to 
an authonzaiion status of an imbrmation receiver in a conditional access s>stem for 
receiving an information segment when the information segment is provided separately by 
each of a plurality of diflferent service providers, the processor comprising 

means for processing a plurality of authorization signals respectively related to the 
information segment provided separately by the plurality of different service providers. 

means determining which of a pluraiitv* of different possible authorization statuses 
is applicable for the received information segment for each of the respective authorization 
signals related to the different service providers; 

means for selecting one of the determined statuses in accordance with a 
predetermined priority; 

means for selecting from a plurality of different possible authorization status 
messages the message applicable to the status determined in accordance v^th said prioritv; 
and 

means for provading the selected message for display 

20. An access comrol processor for sdecttng an qiplicable authorization status of 
an information receiver for receiving an information segment when the infbnnatkn 
segment is provided separately by each of a phiniity of different service providcn m a 
conditional access system, the processor comprising 

means for processing a plurality of authorization signals respeaively related to the 
inlbrmation segment provided separately by the plurality of different serv ice providers. 
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means for determining which of a plurality ot ditfereni possible authorization 
8 statuses is applicable for the received intbrmation segment for each of the respective 
authorization signals related to the different service providers, and 

10 means for selecting one of the determined statuses in accordance with a 

predetermined priority 

21. A conditional access system in which encr>*pted information is provided by a 
2 plurality of information service providers in accordance with different conditional access 
processes respeaively utilizing different algorithms for encry-ptmg the informatioiu 
4 comprising 

encryption means for encrypting information segments for transmission in 
^ accordance with different conditional access processes respectively utilizing different 
algorithms for encrypting the information segments; 

8 a decryptor in an information receiver for decrypting encrypted information 

segments received by the information receiver by processmg the received encrypted 

10 information segments with a session key used for encrypting the information segments in 
accordance with an algorithm utilized m one of said conditional access processes; and 

12 a conditional access controller in the information receiver for selectively enabling 

the decryptor to decrypt received information segments encrypted in accordance with any 

14 of said different conditional access processes by providing to the decryptor cryptographic 
information for defining the algorithm utilized in said one of said different conditional 

16 access processes for use by the decryptor to decrypt the received information segment 
encrypted in accordance with said algorithm. 



22. A system according to Claim 21, further comprising 

2 means for requesting transmission to the information receiver of cryptographic 

information for defining the algorithm utilized in said one of said different conditional 
4 access processes; 

26 
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means for responding to said request by iransmiiimu ihe requesied cnptouraphic 
information; and 

means in the information receiver for do\^Tiloading the transmitted copiographic 
information. 

23 A system according to Claim 22. wherem the conditional access controller 
includes the means for downloading the transmitted cr>ptographic inl'onnation, to wit 
means for detecting the transmitted cr>ptographic informauon within an information 
stream received by the information receiver and means for dou-nloading the deteaed 
cryptographic information from said information stream. 

24. A system according to Claim 2 L further compnsmg 

means for requesting transmission to the informauon receiver of other 
cryptographic information used by the conditional access controller for enabling the 
decryptor to decrypt the information encrypted iii accordance with one of said different 
conditional access processes; 

means for responding to said request by transmitting the requested other 
cry ptographic information; and 

means in the information receiver for downloading the transmitted other 
cryptographic information. 

25. A system according to Claim 24, wherein the conditional access controller 
includes the means for downloading the transmitted other cryptographic information, to 
wit: means for detecting the transmitted other cryptographic infi3rroation within u 
information stream received by the information receiver and means for downloading the 
deteaed other cryptographic information from said information stream 
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26 A system accordin« lo Claim 24. whercm the other cr>piojfraphjc mformaiion 
includes daia for use in gencratm« a session key for use by the decnptor for decr>piin« 
inlbrmation segments encrypted in accordance with the algorithm utilized in said one of 
said ditTereni conditional access processes, and 

the conditional access controller includes means for processing the douTiloaded 
session key generation data to generate said session key. 

27 A conditional access system in which encrypted information is provided by a 
an information service provider m accordance with a given conditional access process, 
comprising 

encryption means for encrypting an information segment for transmission in 
accordance with a given conditional access process: 

a decrypior in an information receiver for decrypting encrxpted information 
segments received by the information receiver; 

a conditional access controller in the information receiver for enabling the 
decryptor to decrypt received information segments encrypted in accordance with the 
gi\en conditional access process, wherein the conditional access controller includes 

means for requesting transmission to the information receiver of 
cryptographic information for enabling the conditional access controller to enable 
the decryptor to decrypt a seleaed information segment; and 

means for downloading cryptographic information transmined to the 
receiver in response to said request; and 

the system further coRq)nsing 

means for responding to said request by providing the requested cryptognpUc 
information for transmission to the information receiver. 
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28. A sysrem according to Claim 27. wherein the requested cnptographic 
inlbrmaiion includes cr>l3iouraphjc data for detininif an aljfonthm used by ihc decryptor 
for decry-piing inforniaiion segments encr>pted in accordance with the given conditional 
access process. 



29 A system according to Claim 28. whercm the downloadmg means mcludes 
means tor detecting the transmitted cryptographic data for detmmg the algonthm within an 
information stream received b> the information receiver and means for downloading the 
detected cryptographic data from said informauon stream. 



30 A system according to Claim 27. wherein the requested cryptographic 
information includes data for use in generating a session key for use by the decryptor for 
decrypting information segmems encrypted in accordance with the given conditional 
access process; and 

the conditional access controller includes means for processing the downloaded 
session key generation dau to generate said session key. 

31. A system according to Claim 30, whcrem the downloading means includes 
means for detecting the transmitted session key generation data within an informauon 
stream received by the information receiver and means for dowiiloading the deteoed 
session key generation data from said information stream. 



32. A system according to Claim 27. wberdn the conditional access controtter 
includes 

means for processing an authorization signal related to the selected informatioo 
segment to determine whether or not the deoypcor is enabled to deoypi the selected 
information segment and to determine which of a plurality of diflferem posabk 
authorization sutuses is applicable to the selected information segment; 
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means for reiricving from a plurality of different possible authonzaiion status 
messawes within an information stream received by the information receiver a messaije 
applicable to the status determined by said processing: and 

means for providing the retrieved message for display 

33 A computer readable storage medium for use in an access control processor 
included in an information receiver of a conditional access system in which encrypted 
information segments pro\ided by a plurahty of information service providers are 
encr>pted for transmission in accordance with different conditional access processes 
respectively utilizing different algorithms for encrypting the information segments, and 
including a decrvptor for decrvpimg encrypted information segments received by the 
information receiver by processmg the received encr>pted information segments with a 
session key used for encry pting the information segments in accordance with an algorithm 
utilized in one of said conditional access processes, and a conditional access controller. 

wherein the storage medium is configured so as the cause the conditional access 
controller to seleaivety enable the decryptor to decrypt received information segments 
encrypted in accordance with any of said different conditional access processes, by 
providing to the decryptor cryptographic information for defining the algorithm utilized in 
said one of said different conditional access processes for use by the decryptor to decrypt 
the received information segment encrjpted in accordance with said algorithm. 

34. A storage medium according to Claim 33, further configured so as to cause 
the condiuonal access controller to detect within an information stream received by the 
information receiver cryptographic informatioo for defining the algorithm used for 
encrypting information segmems in accordance with said one of said different condmonal 
access processes and to download the detected cryptographic information fi-om said 
infomutioo stream. 

35 A computer readable storage medium for use in an access control processor 
included in an information receiver of a conditional access system m which encrypted 
information segments provided by an information service provider are ncrypted for 
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4 transnussion in accordance win a conditionai access process utilizing an algonthm for 
encnpting the inlbnriaiion segments, and including a decr>ptor for decnpting encrvpted 

6 inibrmaiion segments received by the intbrmation receiver b\ processing the received 
encrypted information segments with a session ke>* used for encrypting the information 

8 segments in accordance uith the algonthm utilized in said conditional access process: and 
a conditional access controller. 

10 wherein the storage medium is configured so as the cause the conditional access 

controller to enable the decrypior to decr>pt received intbrmation segments encrypted in 
12 accordance with said conditional access process by providing to the decryptor 

cryptographic infomuuion for defining the algorithm utilized in said conditional access 
14 process for use by the decryptor to decrypt the received infonnation segment encrypted in 

accordance with said algorithm, by causing the conditional access controller to detect 
16 within an information stream received by the information receiver cryptographic 

information for defining the algonthm used for encrypting information segments in 
18 accordance \Mth said conditional access process and to dov^nload the detected 

cryptographic information from said information stream. 

36 A computer readable storage medium for use tn an access control processor 
2 included in an tnformauon r^eiver of a conditionai access system in wiiich an encrypted 

information segment provided by an information service provider is encrypted for 
4 transmission in accordance wi\h a given conditional access process, and including a 

decryptor and a conditional access controller, 

6 wherein the storage medium is configured so as to cause the conditional access 

controller to enable the decryptor to decrypt received information segmems encrypted in 

8 accordance with the given conditional access process, by requesting transmission to the 
information receiver of cryptographic informatioQ for enabling the conditional access 

10 controller to enable the decryptor to decrypt the selected infbmiation segment and by 
downloading cryptographic information transmitted to the receiver in response to said 

12 request 

37. A computer readable storage medium configured so as to cause an access 
2 comrol processor to selea an applicable authorization status of an information receiver for 
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receivinjj an intbrmation seument when {he inibnnation seumeni is provided separatcK bv 
4 each of a plurality of different service providers in a conditional access system, by 

processing a pluralit\' of authorization signals respecti\el> related to the intbrmation 
6 sepnent provided separately by the plurality of different service providers, determining 

which of a plurality of different possible authorization statuses is applicable for the 
8 received information segment for each of the respective authorization signals related to the 

different service providers, and selecting one of the determined statuses in accordance 
10, vvi;h a predetermined pnonty 

38. A computer readable storage medium configured so as to cause an access 
2 control processor to provide for display of a message related to an authorization status of 

an information receiver in a conditional access system for receiving an information 
4 seunent. by processing an authorization signal related to the information segment to 

determine which of a plurality of different possible authorization statuses is apphcabie to 
6 the inlbrmation segment; retrieving from a plurality of different possible authorization 

status messages within an information stream received b> the intbrmation receiver a 
8 message applicable to the status deternuned by said processing; and providing the 

retrieved message for display. 

39 A conditional access method in which encrypted information is provided bv* a 
2 plurality of information service providers in accordance with different conditional access 
processes respectively utilizing different algorithms for encrypting the informatioit 
4 comprising the steps of: 

(a) encrypting information segments for transmission in accordance with difrercnt 
6 conditional access processes respectiv^y utilizing different algorithms for encrypting the 
infomauon segments; 

8 (b) using a decryptor in an information receiver to decrypt encrypted informatkn 

segments received by the informatioo receiver by processing the received eociypttti 

10 information segments with a session key used fcM* enaypttng the information segments in 
accordance with an algonthm utilized in one of said conditional access processes: and 
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ic) in the inlbrmaiion receiver. seleciiveK enabiinu the decr>ptor lo dccrvpi 
received infonmaiion segments encrvpied in accordance uiih an> of said different 
conditional access processes by providing to the dccrvpior cnpiographic mformaiion for 
defining the algonthm utilized in said one of said different conditional access processes for 
use by the decr^pior to deci>pt the received information segment cncr\pted in accordance 
uuh said algorithm. 



40 A method according to Claim 39, whercm step ic) comprises the steps of 

(d) detcctmg wthin an information stream received by the information receiver 
coptographic information for defining the algorithm used for encrypting information 
segments in accordance with said one of said different conditional access processes, and 

(c) dowrTiloading the delected cryptographic information from said intbrmation 

stream. 

41 . A method according to Claim 39, wherem step (c) comprises the step of: 

(d) providing the cryptographic information for defining the algonthm m 
accordance with a signal identifying said one conditional access process as the conditional 
access process used for encrypnng the receive information segments 

42. A method according to Claim 39, wherein step <c) comprises the step of 

(d) providing the cryptographic infonnation from a memory in the informauon 
receiver storing cryptogr^hic information for defining said differem algorithms 
respeaively utilized in said differem conditional access processes. 

43. A nMthod according to Claim 39, fiirther comprising the steps of 

(d) processing an authorization signal related to a selected information segment 
provided by each of a plurality of said service providers to determme which of a plurality 
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4 of dilTerent possible auchonzauon statuses is applicable to the selected tnromiation 
segment provided by each of the serv ice providers, and 

6 (e) selecting for decr>'ption in accordance with a predetermined pnority based 

upon said status determinations the encr\pted information segment pro\ided by one of 
8 said service providers 

44 A method according to Claim 43, wherein step (c) composes the step of. 

2 (0 providing the cr\*ptographic information for defining the aJgonthm to the 

decryptor in accordance with said selection of the encrypted information segment 
4 provided by said one service provider 

45. A method according to Claim 39. further comprising the steps of: 

2 (d) requesting transmission to the informatiqn receiver of cryptographic 

information for defining the algorithm utilized in said one of said different conditional 
4 access processes; 

(e) responding to said request by transmitting the requested cryptographic 
6 information; and 

(0 in the information receiver, downloading the transmitted cryptographic 
e information. 

46. A method accordipg to Claim 45, wherein step (0 inchides the steps of 

2 (g) detecting the transmitted cryptogrq>hic information within an information 

stream received by the tnfonnatioti recetvo; and 

4 (h) downloading the detected cryptographic information fi'om said information 

stream. 
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47. A method atcordma to Claim 39. tunher comprising ih^^ steps of 

2 (d) requesting transmission to the intbnnation receiver of crxptographic 

information used for enabling decr>'ption of the information encrypted in one of said 
4 dinerent conditional access processes. 

<e) responding to said request by transmuting the requested crvptographic 
6 information: and 

(f) in the information receiver, downloading the transmined cr>ptographic 
8 information. 

48 A method according to Claim 47. wherein step (f) includes the steps of. 

2 (g) detecting the transmitted cryptographic information within an information 

stream received by the information receiver; and 

4 (h) downloading the detected cnptographic information from said information 

stream. 

49. A method according to Claim 47, wherein the cryptographic information 
2 includes dau for use in generating a session key for use by the decryptor for decryptiag 

information segments encrypted in accordance with said one conditional access proceu. 

50. A conditional access method in v^ch encrypted information is provided by in 
2 information service provider in accordance with a conditional access processes utilizing an 

algorithm for encrypting the information, comprising the steps of: 

4 (a) using a decryptor in an information receiver to decrypt encrypted infbrmatkm 

segments received by the information receiver by processing the recci\-ed encrypted 

6 information segments with a session key used tor encrypting the intbrmation segments m 
accordance with the algorithm utilized in said conditional access process: and 
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8 (b) in the inlbrmaiion receiver, enablmjt the decr>pior to decr\pi received 

inlormation segments encrypted in accordance \Mth said conditional access process by 

10 providing lo the decryptor cryptographic information for delinmg the algonthm utiiued in 
said conditional access process for use by the decryptor to decrypt the received 

12 intbrmation segment encr>*pted in accordance with said algonthm. wherein step ib) 
composes the steps of 

14 (c) detecting v^ithin an information stream received by the inl'ormauon 

receiver cryptographic information for defining the algonthm used for encrypting 
16 intbrmation segments in accordance with said conditional access process, and 

(d) downloading the detected cryptographic information from said 
18 information stream 

51. A conditional access method in which encrypted information is pro\ided by a 
an information service provider in accordance with a given conditional access process, 
comprising the steps of 

(a) encrypting an information segment for transmission in accordance with a given 
conditional access process; 

6 (b) using a decryptor in an information receiver to decrypt encrypted information 

segments received by the information recetver, 

8 (c) in the information receiver, enabling the decryptor to decrypt the receive 

information segments encrypted in accordance with the given condiDooal access process. 

10 wherein step (c) includes the steps of: 

(d) requesting transmission to the information receiver of oyptograplBC 
12 information for enabling decryption of a selected informatioo segment; and 

(e) in the intbrmation recover, downloading cryptographic information 
14 transtnitted to the receiver in response to said request; and 
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the method tunher comprismfce the step of. 

(f) responding lo said request by providing the requested cnpiographic 
information for transmission to the information receiver 

52. A method according lo Claim 51, wherein the requested cr\piographic 
intbrmation includes cr>-ptographic data for defining an ajgonthm used by the dccr\-pior 
for deciypting information segments encrypted in accordance with the given conditional 
access process. 



53. A method according to Claim 52. wherein step (e) includes the steps of 

Ig) detecung the transmitted cryptographic data within an information stream 
received by the information receiver; and 

(h) downloading the deicaed cryptographic data from said information stream. 

54. A method according to Claim 51, wherein the requested cryptographic 
information includes data for use in generating a session key for use by the decrjptor for 
decrypting information segments encrypted in accordance with the given conditional 
access process. 

55. A method according to Claim 54, wherein step (e) includes the steps of: 

(g) delecting the transmitted session key generation data within an informatioo 
stream received by the information receiver and 

(h) downloading the detected session key generation data from said infbnnation 

stream. 
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A method according to Claim 51. funher comprising the steps of 



2 (g) processing an authorization signal related to the selected information segment 

to detennine \\ hether or not decr>ption of the selected information segment is enabled and 

4 to determine which of a plurality* of different possible authorization statuses is applicable 
to the selected information segment: 

6 • (tit retneving from a plurality of different possible authonzaiion status messages 

within an information stream received by the information receiver a message applicable to 
8 the status determined by said processing; and 

(i) pro\iding the retrieved message for display 

57 A method of provtdmg for display of a message related to an authorization 
2 status of an information receiver in a conditional access system for receiving an 
information segment, comprising the steps of 

4 (a) processing an authonzauon signal related to the infonmaiion segment to 

determine which of a plurality of different possible authorization statuses is applicable to 
6 the information segnoent; 

(b) retrieving from a plurality of different possible authorization status messages 
6 within an information stream received by the information receiver a message applicable to 
the sutus determined by said processing; and 

10 (c) providing the retrieved message for display. 
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58 A method according to Claim 57. wherein the information segment is provided 
separately by each of a plur^ity of different service providers. 

wherein step (a) composes the steps of 

(d) processmg a plurahtx of authonzation signals respectively related to the 
information segment provided separately by the plurality of different service providers. 

(e) for each of the respective authorization signals related to the different service 
providers determining which of the pluralitv* of different possible authonzation statuses is 
applicable for the received information segment; and 

(f) selecting in accordance with a predetenruned priority one of the statuses 
determined by step (e), and 

wherein step (b) compnses retrieving the message applicable to the status seleaed 
by step (0 

59 A method of providing for display of a message related to an authonzauon 
staats of an information receiver in a conditional access system for receiving an 
intbrmation segment when the inlbrmation segment is provided separately by each of a 
plurality of different service providers, composing the steps of 

(a) processing a plurality of authorization signals respectively related to the 
information segment provided separately by the plurality of different service providers; 

(b) for each of the respective authorization signals related to the different service 
providers determining v^ch of a plurality of different possible authorization statuses is 
api^icable for the received information segment; and 

(c) selecting in accordance with a predetenntned priority one of the statuses 
detennined by step (b). 

(d) selecting from a plurality of different possible authonzation uatus messages 
the message applicable to the status determmed by step (c); and 
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it) providm(j the selected message for display 

60. A method of seleaing an appUcable authorization status of an information 
receiver for receiung an information segment when the information segment is provided 
separately by each of a plurality of different service providers m a conditional access 
>> stem, comprising the steps of 

(a) processmg a plurality of authorization signals respectively related to the 
information segment provided separately by the pluralhy of different service providers. 

(b) for each of the respective authorization signals related to the different service 
providers determining which of a plurality of different possible authorization statuses is 
applicable for the received information segment; and 

(c) selecting in accordance with a predetermined prionty one of the statuses 
determined by step (b). 
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